---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: db-reader
  namespace: testing-ro
spec:
  selector:
    matchLabels:
      name: db-reader
  template:
    metadata:
      labels:
        name: db-reader
    spec:
      containers:
      - image: postgres:14-alpine@sha256:446abaf8831c54f57212c0ae52f5df84e69eeb2767e2376d07bed9c9742b1243
        imagePullPolicy: IfNotPresent
        name: psql
        command: ["bash"]
        resources: {}
        stdin: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        tty: true
      - command:
        - /cloud_sql_proxy
        - -instances=pl-pixies:us-west1:pixie-cloud-testing-db-pg13=tcp:5432
        - -ip_address_types=PRIVATE
        - -credential_file=/secrets/cloudsql/db_service_account.json
        # yamllint disable-line rule:line-length
        image: gcr.io/cloudsql-docker/gce-proxy:1.14@sha256:96689ad665bffc521fc9ac3cbcaa90f7d543a3fc6f1c84f81e4148a22ffa66e0
        imagePullPolicy: IfNotPresent
        name: cloudsql-proxy
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          runAsUser: 2
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /secrets/cloudsql
          name: pl-db-secrets
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: pl-db-secrets
        secret:
          defaultMode: 420
          secretName: pl-db-ro-secrets
